dataprivacyfandomcom-20200213-history
Phishing
Phishing (not to be confused with fishing) is somewhat of a new-age term which does, in fact, allude to the act of actually fishing. The act is described as the process in which a person attempts to gather sensitive and/or personal information for malicious reasons by disguising themselves as a legitimate, trustworthy entity such as a well-known tech company. The attacker tries to lure their ignorant victims with bait. In 2014, Microsoft released the worldwide impact of phishing scams in US dollars, it came to be over $5 billion in data privacy breaches. Types of Phishing Clone Phishing A previously delivered legitimate email containing an attachment or link has had its content and recipient address taken and used to create an almost identical or "cloned email". The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original. This technique could be used to pivot from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email. Spear Phishing Phishing attempts directed at specific individuals or companies have been termed "spear phishing". Attackers may gather personal information about their target to increase their probability of success. This technique is by far the most successful on the internet today, accounting for 91% of attacks according to a report by Firmex. Whaling Several phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term "whaling" has been coined for these kinds of attacks. In the case of whaling, the masquerading webpage or email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person's role in the company. The content of a whaling attack email is often written as a legal subpoena, customer complaint, or executive issue. Whaling scam emails are designed to mask themselves as a critical business email, sent from a legitimate business authority. The content is meant to be tailored to upper management, and usually involves some kind of falsified company-wide concern. Preventative Actions On a business level, encourage and train safe internet techniques and always question uncertainties. For an individual, it may be harder without overhead IT departments assisting, but there are anti-phishing websites which publish exact messages that have been recently circulating the internet, such as FraudWatch International. Such sites often provide specific details about the particular messages. To avoid directly dealing with the source code of web pages, hackers are increasingly using a phishing tool called Super Phisher that makes the work easy when compared to manual methods of creating phishing websites. As recently as 2007, the adoption of anti-phishing strategies by businesses needing to protect personal and financial information was low. Now there are several different techniques to combat phishing, including legislation and technology created specifically to protect against phishing. These techniques include steps that can be taken by individuals, as well as by organizations. Phone, website, and email phishing can now be reported to authorities, as described below. Source Page